Design Robust Telephony Solutions for UCaaS in the Cloud

Securely move or deploy new voice and telephony calling plan workloads for your Unified Communications as a Service (UCaaS) offering to Oracle Cloud using Oracle Communications Session Delivery portfolio products such as Session Border Controller (SBC), Subscriber-Aware Load Balancer (SLB), Session Router (SR) and Enterprise Operations Monitor (EOM).

The best-of-breed Oracle Communications Session Delivery portfolio on Oracle Cloud offers secure, scalable, and simplified communications solutions.

Deploy SBCs at the borders between IP networks. Enterprises can use SBCs to interconnect internal communication networks, connect to a wide area service designed for interactive communications (such as a SIP trunk), and so on. You can also deploy SBCs between two service providers or between a service provider and its customers.

SBCs enable you to manage the following for a broad range of next-generation communications services and applications:

  • Security
  • Interoperability and service reach maximization
  • Quality of experience (QoE), availability and service-level agreement (SLA) assurance
  • Service revenue optimization and cost management
  • Regulatory compliance

Oracle Communications Session Border Controller is powerful, full-featured software that you can deploy on Oracle Cloud Infrastructure. The Generation-2 hardware underlying Oracle Cloud Infrastructure uses non-oversubscribed networks and provides the computing power required to control session-based communications, without adding latency, jitter, or delay to the bi-directional media flows that constitute such communications.

Architecture

This reference architecture illustrates how UCaaS vendors can protect their session delivery edge using the Oracle Communications Session Border Controller portfolio on Oracle Cloud, and provide reliable, high-quality voice and calling plans to their customers.

This architecture contains an active-standby pair of Oracle Communications Session Border Controller (SBC), Subscriber-Aware Load Balancer (SLB), and Session Router (SR) along with a distributed Enterprise Operations Monitor (EOM) that are deployed in different fault domains in a single availability domain in an Oracle Cloud Infrastructure region. In regions that have multiple availability domains, you can distribute the instances across two availability domains.

The architecture is segmented into three deployment use cases:

  • Peering interconnect: Enables the UCaaS vendors to connect to the carriers and use SBC to provide native PSTN calling plans.
  • Access: Enables the UCaaS vendors to let their Session Initiation Protocol (SIP) software clients and hard phones connect to the Unified Communications platform by registering through SBC.
  • Bring Your Own Carrier (BYOC): Enables the UCaaS vendors to let their customers bring their own on-premises voice infrastructure and connect to the Unified Communications platform using SBC.

The following diagram illustrates this reference architecture.


[Illustration: ucaas_high_level_arch.png]

Session Border Controllers

The following diagram illustrates the network topology for SBCs.


[Illustration: ucaas_sbc_nw.png]

Session Routers

The following diagram illustrates the network topology for SRs.


[Illustration: ucaas_sr_nw.png]

Subscriber-Aware Load Balancer

The following diagram illustrates the network topology for SLBs.


[Illustration: ucaas_slb_nw.png]

Enterprise Operations Monitors

The following diagram illustrates the network topology for EOMs.


[Illustration: ucaas_eom_nw.png]

The architecture has the following components:

  • Primary and standby SBC nodes

    These are Oracle Cloud Infrastructure Compute instances that host the Oracle Communications Session Border Controller. In this reference architecture, both the SBC nodes are attached to the same subnet, and they're deployed within a single availability domain. You can also choose to attach the SBC nodes to different subnets. In a region that has multiple availability domains, you can deploy the SBCs in separate availability domains.

  • Primary and standby SR nodes

    These are Oracle Cloud Infrastructure Compute instances that host the Oracle Communications Session Routers. In this reference architecture, both the SR nodes are attached to the same subnet, and they're deployed within a single availability domain. You can choose to attach the SR nodes to different subnets. In a region that has multiple availability domains, you can deploy the SRs in separate availability domains.

  • Primary and standby SLB nodes

    These are Oracle Cloud Infrastructure Compute instances that host the Oracle Communications Subscriber-Aware Load Balancer. In this reference architecture, both the SLB nodes are attached to the same subnet, and they're deployed within a single availability domain. You can choose to attach the SLB nodes to different subnets. In a region that has multiple availability domains, you can deploy the SLBs in separate availability domains.

  • Enterprise Operations Monitor

    This is an Oracle Cloud Infrastructure Compute instance that hosts the Oracle Communications Enterprise Operations Monitor. In this reference architecture, both the EOM nodes are attached to the same subnet, and they're deployed within a single availability domain. In a region that has multiple availability domains, you can deploy another EOM node for redundancy and replication of monitoring data.

  • Oracle Communications Security Shield

    The Oracle Communications Security Shield Cloud (OCSS) service provides the highest level of protection by applying adaptive intelligence and dynamic verification to every call (automatically enforcing policy-based mitigation) and delivering a 360-degree view of your communications traffic, all in real-time.

  • Oracle Session Delivery Management Cloud

    Oracle Session Delivery Management Cloud (OSDMC) helps in easy management of the Oracle Communications portfolio. Built on Oracle’s next-generation cloud infrastructure, OSDMC helps customers minimize operational costs in a more agile, reliable, and secure way.

  • Region

    An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

  • Availability domains

    Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.

  • Compute shape

    The shape of an Oracle Cloud Infrastructure Compute instance specifies the number of CPUs and amount of memory allocated to the instance. The compute shape also determines the number of virtual network interface cards (VNICs) and maximum bandwidth available for the Oracle Cloud Infrastructure Compute instance.

  • Internet gateway

    The internet gateway allows traffic between the public subnets in a VCN and the public internet.

  • Dynamic routing gateway (DRG)

    The DRG is a virtual router that provides a path for private network traffic between a VCN and a network outside the region, such as a VCN in another Oracle Cloud Infrastructure region, an on-premises network, or a network in another cloud provider.

  • Security list

    For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.

  • Object storage

    Object storage provides quick access to large amounts of structured and unstructured data of any content type, including database backups, analytic data, and rich content such as images and videos. You can safely and securely store and then retrieve data directly from the internet or from within the cloud platform. You can seamlessly scale storage without experiencing any degradation in performance or service reliability. Use standard storage for "hot" storage that you need to access quickly, immediately, and frequently. Use archive storage for "cold" storage that you retain for long periods of time and seldom or rarely access.

  • IP-PBX

    An IP-PBX is a phone system that connects multiple telephone extensions to the public switched telephone network (PSTN). It provides voice connectivity for internal communication within a business.

  • Bastion host

    The bastion host is a compute instance that serves as a secure, controlled entry point to the topology from outside the cloud. The bastion host is provisioned typically in a demilitarized zone (DMZ). It enables you to protect sensitive resources by placing them in private networks that can't be accessed directly from outside the cloud. The topology has a single, known entry point that you can monitor and audit regularly. So, you can avoid exposing the more sensitive components of the topology without compromising access to them.

  • Cloud Communication Service

    Cloud Communication Service (CCS) is an Oracle Cloud Infrastructure Compute instance that acts as a proxy, establishing a secure connection channel between SBC, SR, SLB, EOM, and cloud services such as OSDMC and OCSS.

Recommendations

Use the following recommendations as a starting point to design a robust telephony solution for UCaaS.

Your requirements might differ from the architecture described here.

  • Primary and standby Session Border Controller nodes

    Use the VM.Standard2.8 shape, which provides 8 OCPUs, 120 GB of RAM, and 4.1 Gbps of network bandwidth. If the deployment requires more bandwidth, consider using a larger shape.

  • Object Storage

    Use Oracle Cloud Infrastructure Object Storage to store logs and other data.

  • VCN

    When you create a VCN, determine the number of CIDR blocks required and the size of each block based on the number of resources that you plan to attach to subnets in the VCN. Use CIDR blocks that are within the standard private IP address space.

    Select CIDR blocks that don't overlap with any other network (in Oracle Cloud Infrastructure, your on-premises data center, or another cloud provider) to which you intend to set up private connections.

    After you create a VCN, you can change, add, and remove its CIDR blocks.

    When you design the subnets, consider your traffic flow and security requirements. Attach all the resources within a specific tier or role to the same subnet, which can serve as a security boundary.

  • Security lists

    Use security lists to define ingress and egress rules that apply to the entire subnet.

Considerations

When designing a telephony solution for UCaaS, consider these options.

  • Performance and cost

    Oracle Cloud Infrastructure offers Oracle Cloud Infrastructure Compute shapes that cater to a wide range of applications and use cases. Choose the shapes for your Oracle Cloud Infrastructure Compute instances carefully, so that you get optimal performance for your workload at the lowest cost.

  • Availability

    Consider using a high-availability option based on your deployment requirements and your region. The options include distributing resources across multiple availability domains in a region and distributing resources across the fault domains within an availability domain.

  • Monitoring and alerts

    Set up monitoring and alerts on CPU and memory usage for your nodes, so that you can scale the shape up or down as needed.

Deploy

The image for designing a telephony solution for UCaaS is available as a stack in Oracle Cloud Marketplace.

You can deploy this reference architecture from the Oracle Cloud Marketplace image.

  1. Go to Oracle Cloud Marketplace.
  2. Click Get App.
  3. Follow the on-screen prompts.

You can also perform a manual deployment by following the procedure listed in the manual, Deploying Oracle SBC with High availability in Oracle Cloud Infrastructure.
